Trivial ACLs in zfs-osx
189 views
Skip to first unread message
Guillaume Lessard
Nov 15, 2013, 4:24:25 PM11/15/13
to maczfs...@googlegroups.com
Hi,
I was inclined to report this as a bug, but it's actually a design issue. Discuss.
OpenZFS introduces so-called trivial ACLs to OSX. While a file lives on ZFS, the trivial ACLs are well and good, since they're handled and updated by the filesystem whenever the mode bits change.
However, once the file gets copied to an HFS+ volume by OSX, the ACL updates are no longer automatic. These entries then become a liability, easily falling out of sync with the mode bits. This is a somewhat user-hostile situation, and is probably undesirable.
Should there be a way to prevent trivial ACLs from propagating to other file system types?
Should it be possible to turn them off to improve compatibility with OS X and the Finder?
I was inclined to report this as a bug, but it's actually a design issue. Discuss.
OpenZFS introduces so-called trivial ACLs to OSX. While a file lives on ZFS, the trivial ACLs are well and good, since they're handled and updated by the filesystem whenever the mode bits change.
However, once the file gets copied to an HFS+ volume by OSX, the ACL updates are no longer automatic. These entries then become a liability, easily falling out of sync with the mode bits. This is a somewhat user-hostile situation, and is probably undesirable.
Should there be a way to prevent trivial ACLs from propagating to other file system types?
Should it be possible to turn them off to improve compatibility with OS X and the Finder?
ilov...@icloud.com
Nov 15, 2013, 11:05:09 PM11/15/13
to maczfs...@googlegroups.com
For those that do not like the behavior of ZFS ACLs, you can build without ACL support by commenting out
vfs_setextendedsecurity(vfsp);
Given the amount of complaining that ZFS ACLs have engendered, I reiterate the recommendation I have made in #mac-zfs more than once that the distributed binary builds not include ZFS ACL support.
Those who need support for Darwin ACLs can use HFS+ on a ZVOL or in a sparsebundle.
Message has been deleted
Graham Perrin
Nov 16, 2013, 4:07:38 AM11/16/13
to maczfs...@googlegroups.com
<https://github.com/zfs-osx/zfs/issues/44#issuecomment-23377011> and other points under the request for enhancement 'support ACLs' were observed without complaint from me.
>> … copied to an HFS+ volume …
I didn't get that far. The issues that I observed were with ZFS.
ilov...@icloud.com
Dec 30, 2013, 9:59:28 AM12/30/13
to maczfs...@googlegroups.com
Let's see if you prefer the behavior of https://github.com/zfs-osx/zfs/tree/xattr_darwinacls
On Friday, November 15, 2013 1:24:25 PM UTC-8, Guillaume Lessard wrote:
Daniel Jozsef
Mar 24, 2014, 10:08:42 AM3/24/14
to maczfs...@googlegroups.com
How about making this adjustable at a filesystem level? Or through a system config?
Daniel Jozsef
Mar 25, 2014, 4:13:58 PM3/25/14
to maczfs...@googlegroups.com
BTW... when using a ZFS filesystem with the standard trivial ACLs, is there a way to tell OSX to strip the ACLs upon copy or move?
I'm thinking about writing a cronjob that would periodically find and strip all ACLs under /Users, but that just feels... well... weird. ;) Is there a better way?
Reply all
Reply to author
Forward
0 new messages